In the spirit of trust, transparency and open collaboration I am publishing the setup and configuration details.

Please review

The Setup

User                   | DNSCrypt Poland
-----------------------+------------------------------------------------------------------------
                       |
[dnscrypt-proxy] <-firewall2-> [dnscrypt-wrapper] - [Unbound1a, 1b] - [Root Name Servers]
                       |                                  |
                       |                              [dnschain] - [namecoind]
                       |                                                |
                       |                                              [TOR]
                       |                                                |
                       |                                           [Namechain]

1a Unbound Configuration

# Unbound resolver settings for the recursive server that sits behind
# dnscrypt-wrapper in the diagram above.
server:
    # "no" lets unbound send queries to localhost addresses.
    # NOTE(review): the stub zones on this page point at 178.216.201.222, not
    # at localhost. Confirm this override is still needed.
    do-not-query-localhost: no
    # Large socket buffers to ride out query bursts.
    # NOTE(review): the kernel limits (net.core.rmem_max / wmem_max) have to
    # permit 8m for these to take full effect. Verify on the host.
    so-rcvbuf: 8m
    so-sndbuf: 8m
    # Level 0 logs errors only, so no per-query detail reaches the log.
    verbosity: 0
    do-ip6: yes
    # Refresh frequently used cache entries shortly before they expire.
    prefetch: yes
    msg-cache-size: 200m
    rrset-cache-size: 400m
    key-cache-size: 256m
    infra-cache-numhosts: 50000
    # Single worker thread; the slab counts below are matched to it.
    num-threads: 1
    msg-cache-slabs: 1
    rrset-cache-slabs: 1
    infra-cache-slabs: 1
    key-cache-slabs: 1
    # Listen on loopback only. Together with the access-control lines below,
    # the resolver answers only clients on the same host.
    interface: ::1
    interface: 127.0.0.1
    extended-statistics: yes
    # Counters are reset each time statistics are read.
    statistics-cumulative: no
    access-control: 127.0.0.1 allow
    access-control: ::1 allow
    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    # The file is maintained automatically (RFC 5011 key rollover), so the
    # unbound user needs write access to it.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    # Records with a TTL below 600 seconds are cached for 600 seconds anyway.
    # Trade-off: clients may keep receiving an old address for up to ten
    # minutes after the authoritative zone has changed it.
    cache-min-ttl: 600
    # 0x20 query-name case randomisation is off, so that anti-spoofing check
    # is not applied to upstream answers. DNSSEC validation still covers
    # signed zones.
    use-caps-for-id: no
    # Accept glue only when it falls within the answering server's authority.
    harden-glue: yes
    # Treat a zone as bogus if its DNSSEC data is missing where the trust
    # chain says it must be signed (protects against stripped signatures).
    harden-dnssec-stripped: yes
    # Fetch DNSKEYs early, while the DS record is being processed.
    prefetch-key: yes

    # Using DNSCrypt.pl?
    # This record is answered by the resolver itself. Presumably a self-test
    # name that lets a user confirm queries reach this service. It is not
    # DNSSEC-validated (see the matching domain-insecure entry further down).
    local-data: "using.dnscrypt.pl A 178.62.233.48"

# The Mask – DNS and IP filtering as per Kaspersky Paper
# http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf
local-zone: "nthost.shacknet.nu" refuse
local-zone: "tunga.homedns.org" refuse
local-zone: "prosoccer1.dyndns.info" refuse
local-zone: "prosoccer2.dyndns.info" refuse
local-zone: "nav1002.ath.cx" refuse
local-zone: "pininfarina.dynalias.com" refuse
local-zone: "wqq.dyndns.org" refuse
local-zone: "pl400.dyndns.org" refuse
local-zone: "services.serveftp.org" refuse
local-zone: "sv.serveftp.org" refuse
local-zone: "cherry1962.dyndns.org" refuse
local-zone: "carrus.gotdns.com" refuse
local-zone: "ricush.ath.cx" refuse
local-zone: "takami.podzone.net" refuse
local-zone: "dfup.selfip.org" refuse
local-zone: "wwnav.selfip.net" refuse
local-zone: "fast8.homeftp.org" refuse
local-zone: "ctronlinenews.dyndns.tv" refuse
local-zone: "mango66.dyndns.org" refuse
local-zone: "gx5639.dyndns.tv" refuse
local-zone: "redirserver.net" refuse
local-zone: "swupdt.com" refuse
local-zone: "msupdt.com" refuse
local-zone: "appleupdt.com" refuse
local-zone: "linkconf.net" refuse

# Trend Micro .bit domains
# http://www.trendmicro.com.au/cloud-content/us/pdfs/security-intelligence/white-papers/wp-bitcoin-domains.pdf
local-zone: "megashara.bit" refuse
local-zone: "opusattheend.bit" refuse
local-zone: "supermegacool.bit" refuse
local-zone: "bitshara.bit" refuse

# http://blog.sucuri.net/2014/12/new-malware-campaign-wpcache-blogger-affects-thousands-more-wordpress-websites-via-revslider.html
local-zone: "wpcache-blogger.com" refuse
local-zone: "ads.akeemdom.com" refuse

# 25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Equation_group_questions_and_answers.pdf
# C&C servers (hostnames and IPs):
# DoubleFantasy
local-zone: "advancing-technology.com" refuse
local-zone: "avidnewssource.com" refuse
local-zone: "businessdealsblog.com" refuse
local-zone: "businessedgeadvance.com" refuse
local-zone: "charging-technology.com" refuse
local-zone: "computertechanalysis.com" refuse
local-zone: "config.getmyip.com" refuse
local-zone: "globalnetworkanalys.com" refuse
local-zone: "melding-technology.com" refuse
local-zone: "myhousetechnews.com" refuse
local-zone: "newsterminalvelocity.com" refuse
local-zone: "selective-business.com" refuse
local-zone: "slayinglance.com" refuse
local-zone: "successful-marketing-now.com" refuse
local-zone: "taking-technology.com" refuse
local-zone: "techasiamusicsvr.com" refuse
local-zone: "technicaldigitalreporting.com" refuse
local-zone: "timelywebsitehostesses.com" refuse
local-zone: "www.dt1blog.com" refuse
local-zone: "www.forboringbusinesses.com" refuse

# EquationLaser
local-zone: "lsassoc.com" refuse
local-zone: "gar-tech.com" refuse

# Fanny
local-zone: "webuysupplystore.mooo.com" refuse

# EquationDrug
local-zone: "newjunk4u.com" refuse
local-zone: "easyadvertonline.com" refuse
local-zone: "newip427.changeip.net" refuse
local-zone: "ad-servicestats.net" refuse
local-zone: "subad-server.com" refuse
local-zone: "ad-noise.net" refuse
local-zone: "ad-void.com" refuse
local-zone: "aynachatsrv.com" refuse
local-zone: "damavandkuh.com" refuse
local-zone: "fnlpic.com" refuse
local-zone: "monster-ads.net" refuse
local-zone: "nowruzbakher.com" refuse
local-zone: "sherkhundi.com" refuse
local-zone: "quik-serv.com" refuse
local-zone: "nickleplatedads.com" refuse
local-zone: "arabtechmessenger.net" refuse
local-zone: "amazinggreentechshop.com" refuse
local-zone: "foroushi.net" refuse
local-zone: "technicserv.com" refuse
local-zone: "goldadpremium.com" refuse
local-zone: "honarkhaneh.net" refuse
local-zone: "parskabab.com" refuse
local-zone: "technicupdate.com" refuse
local-zone: "technicads.com" refuse
local-zone: "customerscreensavers.com" refuse
local-zone: "darakht.com" refuse
local-zone: "ghalibaft.com" refuse
local-zone: "adservicestats.com" refuse
local-zone: "247adbiz.net" refuse
local-zone: "webbizwild.com" refuse
local-zone: "roshanavar.com" refuse
local-zone: "afkarehroshan.com" refuse
local-zone: "thesuperdeliciousnews.com" refuse
local-zone: "adsbizsimple.com" refuse
local-zone: "goodbizez.com" refuse
local-zone: "meevehdar.com" refuse
local-zone: "xlivehost.com" refuse
local-zone: "downloadmpplayer.com" refuse
local-zone: "honarkhabar.com" refuse
local-zone: "techsupportpwr.com" refuse
local-zone: "zhalehziba.com" refuse
local-zone: "serv-load.com" refuse
local-zone: "wangluoruanjian.com" refuse
local-zone: "islamicmarketing.net" refuse
local-zone: "noticiasftpsrv.com" refuse
local-zone: "coffeehausblog.com" refuse
local-zone: "platads.com" refuse
local-zone: "havakhosh.com" refuse
local-zone: "toofanshadid.com" refuse
local-zone: "bazandegan.com" refuse
local-zone: "sherkatkonandeh.com" refuse
local-zone: "mashinkhabar.com" refuse
local-zone: "quickupdateserv.com" refuse
local-zone: "rapidlyserv.com" refuse

# GrayFish
local-zone: "business-made-fun.com" refuse
local-zone: "businessdirectnessource.com" refuse
local-zone: "charmedno1.com" refuse
local-zone: "cribdare2no.com" refuse
local-zone: "dowelsobject.com" refuse
local-zone: "following-technology.com" refuse
local-zone: "forgotten-deals.com" refuse
local-zone: "functional-business.com" refuse
local-zone: "housedman.com" refuse
local-zone: "industry-deals.com" refuse
local-zone: "listennewsnetwork.com" refuse
local-zone: "phoneysoap.com" refuse
local-zone: "posed2shade.com" refuse
local-zone: "rehabretie.com" refuse
local-zone: "speedynewsclips.com" refuse
local-zone: "teatac4bath.com" refuse
local-zone: "unite3tubes.com" refuse
local-zone: "unwashedsound.com" refuse

# TripleFantasy
local-zone: "arm2pie.com" refuse
local-zone: "brittlefilet.com" refuse
local-zone: "cigape.net" refuse
local-zone: "crisptic01.net" refuse
local-zone: "fliteilex.com" refuse
local-zone: "itemagic.net" refuse
local-zone: "micraamber.net" refuse
local-zone: "mimicrice.com" refuse
local-zone: "rampagegramar.com" refuse
local-zone: "rubi4edit.com" refuse
local-zone: "rubiccrum.com" refuse
local-zone: "rubriccrumb.com" refuse
local-zone: "team4heat.net" refuse
local-zone: "tropiccritics.com" refuse

# Equation group’s exploitation servers:
local-zone: "standardsandpraiserepurpose.com" refuse
local-zone: "suddenplot.com" refuse
local-zone: "technicalconsumerreports.com" refuse
local-zone: "technology-revealed.com" refuse

# Babar: http://www.cyphort.com/babar-suspected-nation-state-spyware-spotlight/
local-zone: "horizons-tourisme.com" refuse
local-zone: "gezelimmi.com" refuse

# Evil Bunny http://www.slideshare.net/Cyphort/mmw-evil-bunny
local-zone: "callientefever.info" refuse
local-zone: "le-progress.net" refuse
local-zone: "ghatreh.com" refuse
local-zone: "www.usthb-dz.org" refuse

# FIN4 https://github.com/fireeye/iocs/blob/master/FIN4/fb0699e2-23a6-40f9-bf96-4514d629eec3.ioc
local-zone: "ellismikepage.info" refuse
local-zone: "lifehealthsanfrancisco2015.com" refuse
local-zone: "rpgallerynow.info" refuse
local-zone: "dmforever.biz" refuse
local-zone: "msoutexchange.us" refuse
local-zone: "junomaat81.us" refuse
local-zone: "outlookscansafe.net" refuse
local-zone: "outlookexchange.net" refuse
local-zone: "nickgoodsite.co.uk" refuse

local-zone: "adserver.alltraveldaily.com" refuse
local-zone: "adserver.mensstylebook.com" refuse
local-zone: "adserver.recipechart.com" refuse
local-zone: "adserver.highspeedtesting.com" refuse
local-zone: "adserver.smackchow.com" refuse

# https://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html
local-zone: "plantsroyal.org" refuse
local-zone: "ripola.net" refuse
local-zone: "valanoice.org" refuse
local-zone: "adorephote.org" refuse
local-zone: "jackropely.org" refuse


# http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf
local-zone: "advseedpromoan.com" refuse
local-zone: "seoratingonlyip.net" refuse
local-zone: "advertise.com" refuse
local-zone: "pratioupstudios.org" refuse
#local-zone: "behance.net" refuse

# http://blogs.cisco.com/security/talos/rombertik
local-zone: "centozos.org.in" refuse

# https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/
local-zone: "ddosprotected.eu" refuse
local-zone: "updatesoft.eu" refuse
local-zone: "app.cloudprotect.eu" refuse
local-zone: "fw.ddosprotected.eu" refuse
local-zone: "logs.cloudprotect.eu" refuse
local-zone: "ssl.cloudprotect.eu" refuse
local-zone: "ssl.updatesoft.eu" refuse
local-zone: "adb.strangled.net" refuse
local-zone: "digitalinsight-ltd.com" refuse
local-zone: "ads.digitalinsight-ltd.com" refuse
local-zone: "cache.cloudbox-storage.com" refuse
local-zone: "cloudbox-storage.com" refuse
local-zone: "clust12-akmai.net" refuse
local-zone: "corp-aapl.com" refuse
local-zone: "fb.clust12-akmai.net" refuse
local-zone: "fbcbn.net" refuse
local-zone: "img.digitalinsight-ltd.com" refuse
local-zone: "jdk-update.com" refuse
local-zone: "liveanalytics.org" refuse
local-zone: "min.liveanalytics.org" refuse
local-zone: "pop.digitalinsight-ltd.com" refuse
local-zone: "ww1.jdk-update.com" refuse
local-zone: "find.a-job.today" refuse
local-zone: "cryptomag.mediasource.ch" refuse

# https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf
local-zone: "adguard.name" refuse
local-zone: "beefeewhewhush-eelu.biz" refuse
local-zone: "blisko.net" refuse
local-zone: "comixed.org" refuse
local-zone: "coral-trevel.com" refuse
local-zone: "datsun-auto.com" refuse
local-zone: "di-led.com" refuse
local-zone: "financialnewson-line.pw" refuse
local-zone: "financialwiki.pw" refuse
local-zone: "flowindaho.info" refuse
local-zone: "freemsk-dns.com" refuse
local-zone: "gjhhghjg6798.com" refuse
local-zone: "glonass-map.com" refuse
local-zone: "great-codes.com" refuse
local-zone: "icafyfootsinso.ru" refuse
local-zone: "idedroatyxoaxi.ru" refuse
local-zone: "ivaserivaseeer.biz" refuse
local-zone: "microloule461soft-c1pol361.com" refuse
local-zone: "microsoftc1pol361.com" refuse
local-zone: "mind-finder.com" refuse
local-zone: "operatemsesscont.net" refuse
local-zone: "paradise-plaza.com" refuse
local-zone: "public-dns.us" refuse
local-zone: "publics-dns.com" refuse
local-zone: "systemsvc.net" refuse
local-zone: "system-svc.net" refuse
local-zone: "traider-pro.com" refuse
local-zone: "travel-maps.info" refuse
local-zone: "update-java.net" refuse
local-zone: "veslike.com" refuse
local-zone: "wefwe3223wfdsf.com" refuse
local-zone: "worldnews24.pw" refuse
local-zone: "worldnewsonline.pw" refuse

# http://www.welivesecurity.com/2015/09/08/carbanak-gang-is-back-and-packing-new-guns/
local-zone: "weekend-service.com" refuse
local-zone: "seven-sky.org" refuse
local-zone: "clients4-google.com" refuse
local-zone: "adobe-dns-3-adobe.com" refuse
local-zone: "img.in-travelusa.com" refuse

# hummingbad
# http://blog.checkpoint.com/2016/02/04/hummingbad-a-persistent-mobile-chain-attack/
# https://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf
local-zone: "hummerlauncher.com" refuse
local-zone: "cdn.sh-jxzx.com" refuse
local-zone: "d2b7xycc4g1w1e.cloudfront.net" refuse
local-zone: "d1qxrv0ap6yf2e.cloudfront.net" refuse
local-zone: "032n.com" refuse
local-zone: "032o.com" refuse
local-zone: "guangbom.com" refuse
local-zone: "ssppsspp.com" refuse
local-zone: "ccaa100.com" refuse
local-zone: "ccaa200.com" refuse
local-zone: "cscs100.com" refuse
local-zone: "cscs200.com" refuse
local-zone: "hmapi.com" refuse
local-zone: "eoapi.com" refuse
local-zone: "ma2.heshan88.com" refuse
local-zone: "sl2.heshan88.com" refuse
local-zone: "ma2.lb0408.com" refuse
local-zone: "sl2.lb0408.com" refuse
local-zone: "aa0ad.com" refuse
local-zone: "aa0ab.com" refuse

# http://blog.anubisnetworks.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack
local-zone: "lhzbdvm.com" refuse
local-zone: "prugskh.net" refuse
local-zone: "prugskh.com" refuse
local-zone: "oyag.lhzbdvm.com" refuse
local-zone: "oyag.prugskh.net" refuse
local-zone: "oyag.prugskh.com" refuse


# cryptolocker
# http://cybertracker.malwarehunterteam.com/malicious/846 (847/848/849)
local-zone: "nuservermail.net" refuse
local-zone: "aservermail.net" refuse
local-zone: "majorservice.net" refuse
local-zone: "giantservice.net" refuse

# blog.malwarebytes.org/threat-analysis
local-zone: "trackmytraffic.biz" refuse
local-zone: "talk915.pw" refuse

# http://www.welivesecurity.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/
local-zone: "conce.republicoftaste.com" refuse
local-zone: "compe.quincephotographyvideo.com" refuse
local-zone: "ntion.atheist-tees.com" refuse
local-zone: "entat.usedmachinetools.co" refuse
local-zone: "connt.modusinrebus.net" refuse
local-zone: "ainab.photographyquincemiami.com" refuse
local-zone: "rated.republicoftaste.com" refuse
local-zone: "rence.backstageteeshirts.com" refuse

# https://zaufanatrzeciastrona.pl/post/wlamania-do-kilku-bankow-skutkiem-powaznego-ataku-na-polski-sektor-finansowy/
local-zone: "misapor.ch" refuse
local-zone: "sap.misapor.ch" refuse
local-zone: "eye-watch.in" refuse
local-zone: "www.eye-watch.in" refuse

# https://zaufanatrzeciastrona.pl/post/uwaga-na-rzadowa-witryne-infekujaca-odwiedzajacych-ja-uzytkownikow-ransomware/
# http://malware-traffic-analysis.net/2017/01/24/index.html
local-zone: "trashoutservices.com" refuse
local-zone: "kidsonthestreet.com" refuse
local-zone: "neighborhoodreunion.org" refuse
local-zone: "neighborhoodreunion.com" refuse
local-zone: "sellfloridahomes.com" refuse
local-zone: "hospitality-health.org" refuse
local-zone: "floridawholesaleproduce.com" refuse
local-zone: "joellipman.com" refuse
local-zone: "hospitality-health.us" refuse

    # DNSSEC validation is switched off for these names. "bit" and "dns" have
    # no chain of trust from the root trust anchor, so validation would mark
    # their answers bogus. "using.dnscrypt.pl" is the locally served
    # local-data record.
    domain-insecure: "bit"
    domain-insecure: "dns"
    domain-insecure: "using.dnscrypt.pl"

    # Queries for "bit" and "dns" are sent to 178.216.201.222 on port 5333
    # instead of the root servers. Presumably the dnschain instance shown in
    # the diagram; confirm.
    # NOTE(review): these answers are accepted without DNSSEC validation, so
    # their integrity rests on the network path to that address and on the
    # service behind it.
    stub-zone:
        name: "bit"
        stub-addr: 178.216.201.222@5333

    stub-zone:
        name: "dns"
        stub-addr: 178.216.201.222@5333

1b Unbound Jobs

Each day, the domains from the following malware domain lists are added dynamically as REFUSED zones:

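Command in use is: unbound-control -q local_zone "$domain" refuse

Note that the quotes around $domain must be plain ASCII double quotes. Because the names come from third-party lists, each entry should be checked to be a syntactically valid domain name before it is passed to the command. Zones added this way exist only in the running daemon and have to be re-added after a restart.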

2 IPSET

## http://rhelblog.redhat.com/2014/04/11/mitigate-tcp-syn-flood-attacks-with-red-hat-enterprise-linux-7-beta/

# The Mask - C&C
# http://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/unveilingthemask_v1.0.pdf
ipset create evil_ips iphash
ipset add evil_ips 190.10.9.209/32
ipset add evil_ips 190.105.232.46/32
ipset add evil_ips 196.40.84.94/32
ipset add evil_ips 200.122.160.25/32
ipset add evil_ips 202.150.211.102/32
ipset add evil_ips 202.150.214.50/32
ipset add evil_ips 202.75.56.123/32
ipset add evil_ips 202.75.56.231/32
ipset add evil_ips 202.75.58.153/32
ipset add evil_ips 210.48.153.236/32
ipset add evil_ips 223.25.232.161/32
ipset add evil_ips 37.235.63.127/32
ipset add evil_ips 81.0.233.15/32
ipset add evil_ips 82.208.40.11/32
ipset add evil_ips 62.149.227.3/32
ipset add evil_ips 75.126.146.114/32

# http://www.volexity.com/blog/?p=118
ipset add evil_ips 109.228.25.87/32


# Adds the address range that the comment below attributes to the Sucuri
# wpcache-blogger write-up.
# http://blog.sucuri.net/2014/12/new-malware-campaign-wpcache-blogger-affects-thousands-more-wordpress-websites-via-revslider.html
# NOTE(review): "122.155.168/24" has only three octets. 122.155.168.0/24 was
# presumably intended. Check what was actually stored with
# `ipset list evil_ips` rather than assuming how the short form is parsed.
ipset add evil_ips 122.155.168/24

# https://gist.github.com/jedisct1/52c4364b3568987b12b3
ipset add evil_ips 192.184.48.10/32

# Team Cymru
# https://www.team-cymru.com/ReadingRoom/Whitepapers/2013/TeamCymruSOHOPharming.pdf
ipset create evil_ips_dns iphash
ipset add evil_ips_dns 5.45.75.11/32
ipset add evil_ips_dns 5.45.75.36/32
ipset add evil_ips_dns 95.211.241.94/32
ipset add evil_ips_dns 95.211.205.5/32
ipset add evil_ips_dns 95.211.156.101/32

# https://www.securelist.com/en/blog/8231/HackingTeam_2_0_The_Story_Goes_Mobile
ipset create evil_ips_C2 iphash
File ipset not changed so no update needed
root@dc1:~# cat ipset
# The Mask - C&C
# http://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/unveilingthemask_v1.0.pdf
# Creates the evil_ips set and fills it with single addresses. "iphash" is
# the legacy name of the hash:ip set type.
# NOTE(review): these commands only populate a set. Nothing is filtered until
# a firewall rule references the set, and no such rule is shown on this page.
# NOTE(review): `ipset create` reports an error when the set already exists,
# so re-running this file needs the -exist option or a destroy/flush first.
# NOTE(review): the addresses come from a published report and may since have
# been reassigned. Review the list periodically to avoid blocking unrelated
# hosts.
ipset create evil_ips iphash
# cpsc.gov abuse
ipset add evil_ips 79.114.102.60/32
ipset add evil_ips 190.10.9.209/32
ipset add evil_ips 190.105.232.46/32
ipset add evil_ips 196.40.84.94/32
ipset add evil_ips 200.122.160.25/32
ipset add evil_ips 202.150.211.102/32
ipset add evil_ips 202.150.214.50/32
ipset add evil_ips 202.75.56.123/32
ipset add evil_ips 202.75.56.231/32
ipset add evil_ips 202.75.58.153/32
ipset add evil_ips 210.48.153.236/32
ipset add evil_ips 223.25.232.161/32
ipset add evil_ips 37.235.63.127/32
ipset add evil_ips 81.0.233.15/32
ipset add evil_ips 82.208.40.11/32
ipset add evil_ips 62.149.227.3/32
ipset add evil_ips 75.126.146.114/32

# https://zaufanatrzeciastrona.pl/post/wlamania-do-kilku-bankow-skutkiem-powaznego-ataku-na-polski-sektor-finansowy/
ipset add evil_ips 125.214.195.17
ipset add evil_ips 196.29.166.218

# http://www.volexity.com/blog/?p=118
ipset add evil_ips 109.228.25.87/32


# Adds the address range that the comment below attributes to the Sucuri
# wpcache-blogger write-up.
# http://blog.sucuri.net/2014/12/new-malware-campaign-wpcache-blogger-affects-thousands-more-wordpress-websites-via-revslider.html
# NOTE(review): "122.155.168/24" has only three octets. 122.155.168.0/24 was
# presumably intended. Check what was actually stored with
# `ipset list evil_ips` rather than assuming how the short form is parsed.
ipset add evil_ips 122.155.168/24

# https://gist.github.com/jedisct1/52c4364b3568987b12b3
ipset add evil_ips 192.184.48.10/32

# Team Cymru
# https://www.team-cymru.com/ReadingRoom/Whitepapers/2013/TeamCymruSOHOPharming.pdf
ipset create evil_ips_dns iphash
ipset add evil_ips_dns 5.45.75.11/32
ipset add evil_ips_dns 5.45.75.36/32
ipset add evil_ips_dns 95.211.241.94/32
ipset add evil_ips_dns 95.211.205.5/32
ipset add evil_ips_dns 95.211.156.101/32

# https://www.securelist.com/en/blog/8231/HackingTeam_2_0_The_Story_Goes_Mobile
# Creates the evil_ips_C2 set and adds /24 networks to it.
# NOTE(review): "iphash" is the legacy name of hash:ip. That type stores
# individual addresses, so each /24 below is expanded into 256 separate
# entries. hash:net would hold each prefix as a single element.
# NOTE(review): blocking whole /24s from one published report also covers
# neighbouring hosts that the report may not have named. Confirm the prefixes
# are still warranted.
ipset create evil_ips_C2 iphash
ipset add evil_ips_C2 50.63.180.0/24
ipset add evil_ips_C2 146.185.30.0/24
ipset add evil_ips_C2 204.188.221.0/24
ipset add evil_ips_C2 91.109.17.0/24
ipset add evil_ips_C2 106.186.17.0/24
ipset add evil_ips_C2 119.59.123.0/24
ipset add evil_ips_C2 95.141.46.0/24
ipset add evil_ips_C2 192.71.245.0/24
ipset add evil_ips_C2 106.187.99.0/24
ipset add evil_ips_C2 93.95.219.0/24
ipset add evil_ips_C2 106.187.96.0/24
ipset add evil_ips_C2 124.217.245.0/24
ipset add evil_ips_C2 23.92.30.0/24
ipset add evil_ips_C2 82.146.58.0/24
# NOTE(review): 93.95.219.0/24 was already added above. Without -exist this
# second add is expected to report an "already added" error.
ipset add evil_ips_C2 93.95.219.0/24
ipset add evil_ips_C2 209.59.205.0/24

# 25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Equation_group_questions_and_answers.pdf
ipset create equation_group iphash
ipset add equation_group 149.12.71.2/32
ipset add equation_group 190.242.96.212/32
ipset add equation_group 190.60.202.4/32
ipset add equation_group 195.128.235.227/32
ipset add equation_group 195.128.235.231/32
ipset add equation_group 195.128.235.233/32
ipset add equation_group 195.128.235.235/32
ipset add equation_group 195.81.34.67/32
ipset add equation_group 202.95.84.33/32
ipset add equation_group 203.150.231.49/32
ipset add equation_group 203.150.231.73/32
ipset add equation_group 210.81.52.120/32
ipset add equation_group 212.61.54.239/32
ipset add equation_group 41.222.35.70/32
ipset add equation_group 62.216.152.67/32
ipset add equation_group 64.76.82.52/32
ipset add equation_group 80.77.4.3/32
ipset add equation_group 81.31.34.175/32
ipset add equation_group 81.31.36.174/32
ipset add equation_group 81.31.38.163/32
ipset add equation_group 81.31.38.166/32
ipset add equation_group 84.233.205.99/32
ipset add equation_group 85.112.1.83/32
ipset add equation_group 87.255.38.2/32
ipset add equation_group 89.18.177.3/32

# Evil Bunny http://www.slideshare.net/Cyphort/mmw-evil-bunny
ipset create evil_bunny iphash
ipset add evil_bunny 69.90.160.65/32
ipset add evil_bunny 70.38.107.13/32
ipset add evil_bunny 70.38.12.10/32

# http://blogs.cisco.com/security/talos/poseidon
ipset create poseidon iphash
ipset add poseidon 151.236.11.167/32
ipset add poseidon 185.13.32.132/32
ipset add poseidon 185.13.32.48/32
ipset add poseidon 31.184.192.196/32
ipset add poseidon 91.220.131.116/32
ipset add poseidon 91.220.131.87/32

# https://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html
# Creates the kriptovo set (iphash, i.e. hash:ip) and adds the one address
# listed under the FireEye link.
ipset create kriptovo iphash
ipset add kriptovo 66.96.147.86/32

# http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf
# NOTE(review): the addresses listed under the Mumblehard link are added to
# the kriptovo set, not to a set of their own. A firewall hit on "kriptovo"
# therefore cannot be attributed to one campaign without checking this file.
# Confirm whether sharing the set is intentional.
ipset add kriptovo 184.106.208.157/32
ipset add kriptovo 194.54.81.162/32
ipset add kriptovo 194.54.81.163/32
ipset add kriptovo 194.54.81.164/32
ipset add kriptovo 50.28.24.79/32
ipset add kriptovo 67.221.183.105/32
ipset add kriptovo 195.242.70.4/32

 

4 Responses to “Transparency”

  1. Josh

    Hello,

    I just had one quick question. On your diagram on top, right after TOR did you mean namecoin? I’ve never heard of anything called namechain. Maybe I’m mistaken, thanks again!

  2. Maciej Soltysiak

    Namechain is the namecoin blockchain, so by that I mean namecoind is configured to access the namecoin network and ledger (namechain) through tor.
    I hope this clarifies things a bit, but feel free to ask if you need any more information.

  3. Josh

    Ah! That makes sense now, thanks a lot!
